Archer ax1500 device isolation not working
I have a weird situation where 2 issues are combined and not working. It is not nice.
My setup is 2 Archer AX1500 in EasyMesh over wireless backhaul (Ethernet backhaul makes no difference).
1- Device isolation in the main network does not work no matter what I do.
2- Devices in the guest network with "allow access to local network devices" can also see my wireless devices in the main network. Local network should be only LAN port devices. Why does this feature even exist if it just bridges the 2 networks and not the interfaces? (poor choice)
3- 1 specific device cannot connect to the main network when 5GHz is enabled (it is an N/AC device, an official Android TV device), hence my use of the guest network as 2.4 only with allow local network access enabled. (I have no idea what's happening here. I tried an Archer A6 and the device connects to the N/AC 5GHz networks but cannot in any way negotiate 5GHz connectivity with the Archer AX1500.)
For any readers of these undocumented buggy features:
If you use IP address reservation, any devices in the "main network" with either static or reserved IPs are always shared to the guest network.
I assume the address separation is gone all at the DHCP level and is buggy as hell.
If you have any servers or NAS etc. with static IPs or IoT devices you want to reserve:
1- DO NOT enable guest allow network as these are shared by default.
2- AP isolation on the main network is wonky: it only prevents the wireless devices provisioned with DHCP from seeing other devices provisioned with DHCP. It will always show the static and reserved IP sets regardless. For my use case I left it enabled and it just prevented access between the only 2 devices in the main network with dynamic DHCP allocation.
IMO this is a lame way to implement network isolation and firewall ruling.
At least it could be better documented in more complex scenarios and not leave users to discover it and think it's a bug.
Although it looks and feels like a buggy implementation while it is not.
Hi, thanks for posting your question on our community.
1. As this guide says, while isolated, the devices can still access the internet and are able to communicate with other isolated devices. However, isolated devices cannot transfer data with devices on your home network, including managing gateway devices, accessing USB devices, etc. So you may share more details about how it does not work, then we can get a better understanding of your problem.
2. For an EasyMesh network, the guest network currently cannot synchronize to the satellite router. On your main router, did you enable "Allow guests to access your local network"? "Local network should be only LAN port devices." -- Sorry, I am afraid it is only your understanding. All wireless and wired connections to the main router belong to the local network.
3. Can I confirm whether you use the Archer A6 to replace the main Archer AX1500? Please check whether their 5GHz wireless settings are totally the same.
Thanks for your cooperation~
What a secure network looks like is:
1: devices in LAN ports
2: devices in main-wifi
3: devices in guest-wifi
Devices in LAN can access the internet and can see main and guest wifi devices.
Devices in main-wifi cannot see devices in guest-wifi but can access LAN devices such as a NAS or DNS server.
Devices in guest-wifi can access LAN devices such as a NAS or DNS server and the internet but cannot see main-wifi devices.
This has eternally been impossible in TP-Link routers. Always one side does not work and leads to compromise. If you enable in guest that devices have access to local, they can see the wifi devices in the main wifi network, allowing my guest for example to scan my network and discover my phone when they should only discover my NAS.
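The access policy listed in the post above can be checked against host-discovery results taken from each segment. The following is an added example, not code from the thread or from TP-Link; it assumes nmap grepable output (`nmap -sn -oG -`) as the input format, and the inventory addresses and the scan text are constructed for illustration.

```python
import re

# Cross-segment visibility the post forbids: (scanner's segment, discovered segment).
# Visibility inside one segment is not stated in the post, so it is not evaluated.
FORBIDDEN = {("main-wifi", "guest-wifi"), ("guest-wifi", "main-wifi")}

# Constructed inventory (hypothetical addresses): IP -> segment.
INVENTORY = {
    "192.168.0.10": "lan",         # NAS on a LAN port
    "192.168.0.11": "lan",         # DNS server on a LAN port
    "192.168.0.50": "main-wifi",   # phone
    "192.168.0.60": "guest-wifi",  # visitor laptop
}

HOST_UP = re.compile(r"^Host:\s+(\S+)\s+\(.*?\)\s+Status:\s+Up\s*$")

def hosts_up(grepable):
    """Return the IPs reported as Up in nmap grepable (-oG) ping-scan output."""
    found = []
    for line in grepable.splitlines():
        match = HOST_UP.match(line)
        if match:
            found.append(match.group(1))
    return found

def audit(vantage, grepable, inventory=INVENTORY):
    """Return (ip, segment, verdict) for each discovered host that breaks the policy."""
    findings = []
    for ip in hosts_up(grepable):
        segment = inventory.get(ip)
        if segment is None:
            # A host nobody inventoried cannot be judged against the policy.
            findings.append((ip, "unknown", "not in inventory"))
        elif (vantage, segment) in FORBIDDEN:
            findings.append((ip, segment, "isolation violated"))
    return findings

# Constructed sample of what a scan run from a guest-wifi client might report.
GUEST_SCAN = """\
# constructed sample, not real scan output
Host: 192.168.0.10 ()\tStatus: Up
Host: 192.168.0.50 ()\tStatus: Up
Host: 192.168.0.77 ()\tStatus: Up
"""

if __name__ == "__main__":
    for finding in audit("guest-wifi", GUEST_SCAN):
        print(finding)
```

Running the same audit from a client in each segment, before and after changing a router setting, shows which side of the policy a given option breaks.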
After more mingling around I ended up with this setup:
network > dhcp server > reserving X number of IPs
wireless > additional settings > enable ap isolation on main network
wireless > guest network > disable allow guest to see each other, enable allow guests access local network
I make sure all devices that need to be accessed by everyone, such as DNS and NAS, are either STATIC IPs over Ethernet or are DHCP wireless reserved IPs (a wireless printer or guest room Chromecast, for example).
This allows:
my LAN devices to see all devices across LAN, wireless main and wireless guest (I have nmap network scanners running)
my guest wireless devices to access Pi-hole and Chromecast devices, but they cannot see any other non-IP-reserved main wireless devices
my main wireless devices to see guest and LAN devices (while it is not ideal that they can see guest devices, at least guest devices can't see the main wireless devices that are non-DHCP-reserved)
The main flaw IMO is the combination of DHCP reservation to allow sharing across networks.
But I assume someone might call this an undocumented feature.
It seems like you're facing multiple issues with the TP-Link AX1500 Wi-Fi 6 Router (ARCHER AX10). Here are some suggestions that might help:
- Device Isolation Not Working on Main Network: Double-check that device isolation is properly enabled on both routers in your EasyMesh setup. Sometimes, resetting the network settings and reconfiguring EasyMesh can fix this issue. You might also want to update the firmware if you haven't already or contact TP-Link support for guidance on potential bugs related to device isolation.
- Guest Network Access to Main Network Devices: The guest network should ideally be isolated from the main network, including wireless devices. However, it seems like enabling "Allow access to local network devices" is bridging the networks in your case. If this feature is causing the two networks to be mixed, consider turning off that option or checking if a firmware update has addressed this behavior. Again, this might be something TP-Link should address in their future firmware updates.
- 5GHz Connectivity Issue with Specific Device: The 5GHz issue with your Android TV device could be due to a compatibility problem between the device and the AX1500. Try forcing the AX1500 to use a lower channel in the 5GHz range, as sometimes certain devices have trouble with higher channels. Also, check if the TV’s firmware is up-to-date. If none of these work, using the guest network as a temporary workaround, as you’ve done, seems like the best option until a permanent fix is found.
If these steps don't resolve your issues, contacting TP-Link support might be the best course of action.